package external
import (
"strings"
"github.com/cortezaproject/corteza/server/auth/external/nylas"
"github.com/cortezaproject/corteza/server/auth/settings"
"github.com/markbates/goth"
"github.com/markbates/goth/providers/facebook"
"github.com/markbates/goth/providers/github"
"github.com/markbates/goth/providers/google"
"github.com/markbates/goth/providers/linkedin"
"github.com/markbates/goth/providers/openidConnect"
"go.uber.org/zap"
)
// WellKnown is the path of the OpenID Connect discovery document. It is
// appended to a provider's issuer URL (trailing slash removed) to locate the
// provider configuration during setup.
const WellKnown = "/.well-known/openid-configuration"
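// SetupGothProviders replaces the globally registered goth providers with one
// provider per entry in ep.
//
// Handles prefixed with OIDC_PROVIDER_PREFIX are configured through OpenID
// Connect discovery: openidConnect.New is given the issuer URL (trailing slash
// removed) plus WellKnown. Every other handle is matched against the built-in
// providers (github, facebook, google, linkedin, nylas). Entries with an empty
// issuer URL, a failed discovery or an unknown handle are logged and skipped,
// so one misconfigured provider does not prevent the others from being
// registered.
//
// redirectUrl is a template: "{provider}" is replaced with the entry's handle
// whenever the entry does not set its own RedirectUrl.
func SetupGothProviders(log *zap.Logger, redirectUrl string, ep ...settings.Provider) {
	// Purge all previously configured providers so a reconfiguration does not
	// leave stale entries registered.
	if l := len(goth.GetProviders()); l > 0 {
		log.Debug("removing existing providers", zap.Int("count", l))
		goth.ClearProviders()
	}

	log.Debug("initializing enabled external authentication providers", zap.Int("count", len(ep)))

	for _, pc := range ep {
		var provider goth.Provider
		log := log.With(zap.String("provider", pc.Handle))

		redirect := pc.RedirectUrl
		if redirect == "" {
			// If redirect URL is not explicitly set for this provider,
			// generate one from template string
			redirect = strings.Replace(redirectUrl, "{provider}", pc.Handle, 1)
		}

		if strings.HasPrefix(pc.Handle, OIDC_PROVIDER_PREFIX) {
			if pc.IssuerUrl == "" {
				log.Error("failed to discover OIDC provider, URL empty")
				continue
			}

			// Discovery fetches the issuer configuration over the network;
			// without TLS the discovery document (and the endpoints it
			// advertises) can be altered in transit, so flag a plaintext issuer.
			if !strings.HasPrefix(strings.ToLower(pc.IssuerUrl), "https://") {
				log.Warn("OIDC issuer URL does not use https, discovery is not protected by TLS", zap.String("issuer", pc.IssuerUrl))
			}

			wellKnown := strings.TrimSuffix(pc.IssuerUrl, "/") + WellKnown

			// Fields (instead of Split on a single space) tolerates repeated,
			// leading and trailing whitespace that would otherwise produce
			// empty scope entries.
			scope := strings.Fields(pc.Scope)
			if len(scope) == 0 {
				scope = []string{"email"}
			}

			oidc, err := openidConnect.New(pc.Key, pc.Secret, redirect, wellKnown, scope...)
			if err != nil {
				log.Error("failed to discover OIDC provider", zap.Error(err), zap.String("well-known", wellKnown))
				continue
			}

			// Goth identifies providers by name; use the configured handle.
			oidc.SetName(pc.Handle)
			provider = oidc
		} else {
			switch pc.Handle {
			case "github":
				provider = github.New(pc.Key, pc.Secret, redirect, "user:email")
			case "facebook":
				provider = facebook.New(pc.Key, pc.Secret, redirect, "email")
			case "google":
				provider = google.New(pc.Key, pc.Secret, redirect, "email")
			case "linkedin":
				provider = linkedin.New(pc.Key, pc.Secret, redirect, "email")
			case "nylas":
				provider = nylas.New(pc.Key, pc.Secret, redirect, "email")
			default:
				// Neither an OIDC handle nor a built-in provider: make the skip
				// visible instead of silently dropping the entry.
				log.Warn("unknown external authentication provider handle, skipping")
				continue
			}
		}

		log.Info("external authentication provider added", zap.String("key", pc.Key))
		goth.UseProviders(provider)
	}
}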